Allow WordPress Login with SHA1 Password Hash

What if you’re migrating from an old website to WordPress and want to import your users, but all the passwords are hashed with SHA1? By default, WordPress does not recognize SHA1 hashed passwords, but fear not! Add this code to your functions.php, or add into an existing custom plugin. Hashed passwords are updated to the standard WP hash after a successful login.

OK, I think I have worked this out. I added this at the top of your function to get the salt from another table using the username and add it to the end of the password before hashing it:
global $wpdb;
$username = $wpdb->get_var( $wpdb->prepare( “SELECT user_login FROM $wpdb->users WHERE ID = “.$user_id ) );
$salt = $wpdb->get_var( $wpdb->prepare( “SELECT salt FROM old_users WHERE username = “.$username ) );

Great code, I ‘ve adapted your solution to an encryption algorithm used in the old system of the client and it works. The question arises when I try to make the two logins coexist together.
How could I do it?

Hi Max, thank you for the post. I’d like to know if you are worked with Woocommerce, I’m trying to migrate the password from OpenCart to Woocommerce, but the password are salted. I don’t know how this does work. Can you help me?
Thank you so much.

Hiya 🙂 You’d want to find out how the passwords are hashed with OpenCart, and then after you import them into WordPress, use this sort of code to check the hash, allow the login if it matches, and re-hash the entered password using WP.

Yep, as you mentioned you’ll need to account for the opening <?php tag. A closing tag is not needed. If they really are just regular SHA1 hashes then the code above should work for you. If you’re having trouble, try posting on Codeable.io to get help from a developer 🙂